A common security prediction for 2010 is the continued rise of malware and phishing attacks on mobile phones. The MarkMonitor SOC recently detected an interesting twist on this theme involving a popular smartphone and the latest smart technologies used by cybercriminals. In this case, instead of compromising a smartphone to steal its information, cybercriminals used phishing techniques to clone smartphones.
Here’s how it works. Emails which offer a free one-year warranty extension for a popular smartphone, link to a company-branded web page. That web page asks for an email address and then smartphone serial number, IMEI number, type of phone, and capacity of phone. See below for examples of the phishing web page.
Cybercriminals use the information requested on the web page to clone the smartphone for various uses, including stealing long-distance service from the subscriber or simply using a deniable, disposable smartphone for other criminal activities. In effect, the cybercriminals used phishing techniques to clone smartphones.
This recent attack also stands out because it utilizes some advanced technologies and suggests possible directions of future cybercriminal activity. First, the attack uses server-side logic that hides the phishing site unless it is accessed through the browser produced by the smartphone company. Second, the attack uses additional protective technology in the form of a fast-flux network, which hides the phishing site behind a dynamic network of ever-changing proxies. These two smart technologies demonstrate how cybercriminals continue to focus their efforts on making their attacks targeted, stealthy, and resilient.